'\" t
.\"     Title: newgidmap
.\"    Author: Eric Biederman
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 07/22/2021
.\"    Manual: User Commands
.\"    Source: shadow-utils 4.9
.\"  Language: English
.\"
.TH "NEWGIDMAP" "1" "07/22/2021" "shadow\-utils 4\&.9" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
newgidmap \- set the gid mapping of a user namespace
.SH "SYNOPSIS"
.HP \w'\fBnewgidmap\fR\ 'u
\fBnewgidmap\fR \fIpid\fR \fIgid\fR \fIlowergid\fR \fIcount\fR [\fIgid\fR\ \fIlowergid\fR\ \fIcount\fR\ [\ \fI\&.\&.\&.\fR\ ]]
.SH "DESCRIPTION"
.PP
The
\fBnewgidmap\fR
sets
/proc/[pid]/gid_map
based on its command line arguments and the gids allowed\&. Subgid delegation can either be managed via
/etc/subgid
or through the configured NSS subid module\&. These options are mutually exclusive\&.
.PP
Note that the root group is not exempted from the requirement for a valid
/etc/subgid
entry\&.
.PP
After the pid argument,
\fBnewgidmap\fR
expects sets of 3 integers:
.PP
gid
.RS 4
Beginning of the range of GIDs inside the user namespace\&.
.RE
.PP
lowergid
.RS 4
Beginning of the range of GIDs outside the user namespace\&.
.RE
.PP
count
.RS 4
Length of the ranges (both inside and outside the user namespace)\&.
.RE
.PP
\fBnewgidmap\fR
verifies that the caller is the owner of the process indicated by
\fBpid\fR
and that for each of the above sets, each of the GIDs in the range [lowergid, lowergid+count) is allowed to the caller according to
/etc/subgid
before setting
/proc/[pid]/gid_map\&.
.PP
Note that newgidmap may be used only once for a given process\&.
.SH "OPTIONS"
.PP
There currently are no options to the
\fBnewgidmap\fR
command\&.
.SH "FILES"
.PP
/etc/subgid
.RS 4
List of user\*(Aqs subordinate group IDs\&.
.RE
.PP
/proc/[pid]/gid_map
.RS 4
Mapping of gids from one between user namespaces\&.
.RE
.SH "SEE ALSO"
.PP
\fBlogin.defs\fR(5),
\fBnewusers\fR(8),
\fBsubgid\fR(5),
\fBuseradd\fR(8),
\fBuserdel\fR(8),
\fBusermod\fR(8)\&.
